Docs Home
Keycloak v6.4.0 published on Wednesday, Apr 16, 2025 by Pulumi
keycloak.Realm
Explore with Pulumi AI
Allows for creating and managing Realms within Keycloak.
A realm manages a logical collection of users, credentials, roles, and groups. Users log in to realms and can be federated from multiple sources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
displayName: "my realm",
displayNameHtml: "<b>my realm</b>",
loginTheme: "base",
accessCodeLifespan: "1h",
sslRequired: "external",
passwordPolicy: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
attributes: {
mycustomAttribute: "myCustomValue",
},
smtpServer: {
host: "smtp.example.com",
from: "example@example.com",
auth: {
username: "tom",
password: "password",
},
},
internationalization: {
supportedLocales: [
"en",
"de",
"es",
],
defaultLocale: "en",
},
securityDefenses: {
headers: {
xFrameOptions: "DENY",
contentSecurityPolicy: "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
contentSecurityPolicyReportOnly: "",
xContentTypeOptions: "nosniff",
xRobotsTag: "none",
xXssProtection: "1; mode=block",
strictTransportSecurity: "max-age=31536000; includeSubDomains",
},
bruteForceDetection: {
permanentLockout: false,
maxLoginFailures: 30,
waitIncrementSeconds: 60,
quickLoginCheckMilliSeconds: 1000,
minimumQuickLoginWaitSeconds: 60,
maxFailureWaitSeconds: 900,
failureResetTimeSeconds: 43200,
},
},
webAuthnPolicy: {
relyingPartyEntityName: "Example",
relyingPartyId: "keycloak.example.com",
signatureAlgorithms: [
"ES256",
"RS256",
],
},
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True,
display_name="my realm",
display_name_html="<b>my realm</b>",
login_theme="base",
access_code_lifespan="1h",
ssl_required="external",
password_policy="upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
attributes={
"mycustomAttribute": "myCustomValue",
},
smtp_server={
"host": "smtp.example.com",
"from_": "example@example.com",
"auth": {
"username": "tom",
"password": "password",
},
},
internationalization={
"supported_locales": [
"en",
"de",
"es",
],
"default_locale": "en",
},
security_defenses={
"headers": {
"x_frame_options": "DENY",
"content_security_policy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"content_security_policy_report_only": "",
"x_content_type_options": "nosniff",
"x_robots_tag": "none",
"x_xss_protection": "1; mode=block",
"strict_transport_security": "max-age=31536000; includeSubDomains",
},
"brute_force_detection": {
"permanent_lockout": False,
"max_login_failures": 30,
"wait_increment_seconds": 60,
"quick_login_check_milli_seconds": 1000,
"minimum_quick_login_wait_seconds": 60,
"max_failure_wait_seconds": 900,
"failure_reset_time_seconds": 43200,
},
},
web_authn_policy={
"relying_party_entity_name": "Example",
"relying_party_id": "keycloak.example.com",
"signature_algorithms": [
"ES256",
"RS256",
],
})
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
DisplayName: pulumi.String("my realm"),
DisplayNameHtml: pulumi.String("<b>my realm</b>"),
LoginTheme: pulumi.String("base"),
AccessCodeLifespan: pulumi.String("1h"),
SslRequired: pulumi.String("external"),
PasswordPolicy: pulumi.String("upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername"),
Attributes: pulumi.StringMap{
"mycustomAttribute": pulumi.String("myCustomValue"),
},
SmtpServer: &keycloak.RealmSmtpServerArgs{
Host: pulumi.String("smtp.example.com"),
From: pulumi.String("example@example.com"),
Auth: &keycloak.RealmSmtpServerAuthArgs{
Username: pulumi.String("tom"),
Password: pulumi.String("password"),
},
},
Internationalization: &keycloak.RealmInternationalizationArgs{
SupportedLocales: pulumi.StringArray{
pulumi.String("en"),
pulumi.String("de"),
pulumi.String("es"),
},
DefaultLocale: pulumi.String("en"),
},
SecurityDefenses: &keycloak.RealmSecurityDefensesArgs{
Headers: &keycloak.RealmSecurityDefensesHeadersArgs{
XFrameOptions: pulumi.String("DENY"),
ContentSecurityPolicy: pulumi.String("frame-src 'self'; frame-ancestors 'self'; object-src 'none';"),
ContentSecurityPolicyReportOnly: pulumi.String(""),
XContentTypeOptions: pulumi.String("nosniff"),
XRobotsTag: pulumi.String("none"),
XXssProtection: pulumi.String("1; mode=block"),
StrictTransportSecurity: pulumi.String("max-age=31536000; includeSubDomains"),
},
BruteForceDetection: &keycloak.RealmSecurityDefensesBruteForceDetectionArgs{
PermanentLockout: pulumi.Bool(false),
MaxLoginFailures: pulumi.Int(30),
WaitIncrementSeconds: pulumi.Int(60),
QuickLoginCheckMilliSeconds: pulumi.Int(1000),
MinimumQuickLoginWaitSeconds: pulumi.Int(60),
MaxFailureWaitSeconds: pulumi.Int(900),
FailureResetTimeSeconds: pulumi.Int(43200),
},
},
WebAuthnPolicy: &keycloak.RealmWebAuthnPolicyArgs{
RelyingPartyEntityName: pulumi.String("Example"),
RelyingPartyId: pulumi.String("keycloak.example.com"),
SignatureAlgorithms: pulumi.StringArray{
pulumi.String("ES256"),
pulumi.String("RS256"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
DisplayName = "my realm",
DisplayNameHtml = "<b>my realm</b>",
LoginTheme = "base",
AccessCodeLifespan = "1h",
SslRequired = "external",
PasswordPolicy = "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername",
Attributes =
{
{ "mycustomAttribute", "myCustomValue" },
},
SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs
{
Host = "smtp.example.com",
From = "example@example.com",
Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs
{
Username = "tom",
Password = "password",
},
},
Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs
{
SupportedLocales = new[]
{
"en",
"de",
"es",
},
DefaultLocale = "en",
},
SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs
{
Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs
{
XFrameOptions = "DENY",
ContentSecurityPolicy = "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
ContentSecurityPolicyReportOnly = "",
XContentTypeOptions = "nosniff",
XRobotsTag = "none",
XXssProtection = "1; mode=block",
StrictTransportSecurity = "max-age=31536000; includeSubDomains",
},
BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs
{
PermanentLockout = false,
MaxLoginFailures = 30,
WaitIncrementSeconds = 60,
QuickLoginCheckMilliSeconds = 1000,
MinimumQuickLoginWaitSeconds = 60,
MaxFailureWaitSeconds = 900,
FailureResetTimeSeconds = 43200,
},
},
WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs
{
RelyingPartyEntityName = "Example",
RelyingPartyId = "keycloak.example.com",
SignatureAlgorithms = new[]
{
"ES256",
"RS256",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.inputs.RealmSmtpServerArgs;
import com.pulumi.keycloak.inputs.RealmSmtpServerAuthArgs;
import com.pulumi.keycloak.inputs.RealmInternationalizationArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesHeadersArgs;
import com.pulumi.keycloak.inputs.RealmSecurityDefensesBruteForceDetectionArgs;
import com.pulumi.keycloak.inputs.RealmWebAuthnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.displayName("my realm")
.displayNameHtml("<b>my realm</b>")
.loginTheme("base")
.accessCodeLifespan("1h")
.sslRequired("external")
.passwordPolicy("upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername")
.attributes(Map.of("mycustomAttribute", "myCustomValue"))
.smtpServer(RealmSmtpServerArgs.builder()
.host("smtp.example.com")
.from("example@example.com")
.auth(RealmSmtpServerAuthArgs.builder()
.username("tom")
.password("password")
.build())
.build())
.internationalization(RealmInternationalizationArgs.builder()
.supportedLocales(
"en",
"de",
"es")
.defaultLocale("en")
.build())
.securityDefenses(RealmSecurityDefensesArgs.builder()
.headers(RealmSecurityDefensesHeadersArgs.builder()
.xFrameOptions("DENY")
.contentSecurityPolicy("frame-src 'self'; frame-ancestors 'self'; object-src 'none';")
.contentSecurityPolicyReportOnly("")
.xContentTypeOptions("nosniff")
.xRobotsTag("none")
.xXssProtection("1; mode=block")
.strictTransportSecurity("max-age=31536000; includeSubDomains")
.build())
.bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()
.permanentLockout(false)
.maxLoginFailures(30)
.waitIncrementSeconds(60)
.quickLoginCheckMilliSeconds(1000)
.minimumQuickLoginWaitSeconds(60)
.maxFailureWaitSeconds(900)
.failureResetTimeSeconds(43200)
.build())
.build())
.webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()
.relyingPartyEntityName("Example")
.relyingPartyId("keycloak.example.com")
.signatureAlgorithms(
"ES256",
"RS256")
.build())
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
displayName: my realm
displayNameHtml: <b>my realm</b>
loginTheme: base
accessCodeLifespan: 1h
sslRequired: external
passwordPolicy: upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername
attributes:
mycustomAttribute: myCustomValue
smtpServer:
host: smtp.example.com
from: example@example.com
auth:
username: tom
password: password
internationalization:
supportedLocales:
- en
- de
- es
defaultLocale: en
securityDefenses:
headers:
xFrameOptions: DENY
contentSecurityPolicy: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
contentSecurityPolicyReportOnly: ""
xContentTypeOptions: nosniff
xRobotsTag: none
xXssProtection: 1; mode=block
strictTransportSecurity: max-age=31536000; includeSubDomains
bruteForceDetection:
permanentLockout: false
maxLoginFailures: 30
waitIncrementSeconds: 60
quickLoginCheckMilliSeconds: 1000
minimumQuickLoginWaitSeconds: 60
maxFailureWaitSeconds: 900
failureResetTimeSeconds: 43200
webAuthnPolicy:
relyingPartyEntityName: Example
relyingPartyId: keycloak.example.com
signatureAlgorithms:
- ES256
- RS256
Default Client Scopes
default_default_client_scopes- (Optional) A list of defaultdefault client scopesto be used for client definitions. Defaults to[]or keycloak’s built-in defaultdefault client-scopes. For an alternative, please refer to the dedicated resourcekeycloak.RealmDefaultClientScopes.default_optional_client_scopes- (Optional) A list of defaultoptional client scopesto be used for client definitions. Defaults to[]or keycloak’s built-in defaultoptional client-scopes. For an alternative, please refer to the dedicated resourcekeycloak.RealmOptionalClientScopes.
Create Realm Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Realm(name: string, args: RealmArgs, opts?: CustomResourceOptions);@overload
def Realm(resource_name: str,
args: RealmArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Realm(resource_name: str,
opts: Optional[ResourceOptions] = None,
realm: Optional[str] = None,
access_code_lifespan: Optional[str] = None,
access_code_lifespan_login: Optional[str] = None,
access_code_lifespan_user_action: Optional[str] = None,
access_token_lifespan: Optional[str] = None,
access_token_lifespan_for_implicit_flow: Optional[str] = None,
account_theme: Optional[str] = None,
action_token_generated_by_admin_lifespan: Optional[str] = None,
action_token_generated_by_user_lifespan: Optional[str] = None,
admin_theme: Optional[str] = None,
attributes: Optional[Mapping[str, str]] = None,
browser_flow: Optional[str] = None,
client_authentication_flow: Optional[str] = None,
client_session_idle_timeout: Optional[str] = None,
client_session_max_lifespan: Optional[str] = None,
default_default_client_scopes: Optional[Sequence[str]] = None,
default_optional_client_scopes: Optional[Sequence[str]] = None,
default_signature_algorithm: Optional[str] = None,
direct_grant_flow: Optional[str] = None,
display_name: Optional[str] = None,
display_name_html: Optional[str] = None,
docker_authentication_flow: Optional[str] = None,
duplicate_emails_allowed: Optional[bool] = None,
edit_username_allowed: Optional[bool] = None,
email_theme: Optional[str] = None,
enabled: Optional[bool] = None,
first_broker_login_flow: Optional[str] = None,
internal_id: Optional[str] = None,
internationalization: Optional[RealmInternationalizationArgs] = None,
login_theme: Optional[str] = None,
login_with_email_allowed: Optional[bool] = None,
oauth2_device_code_lifespan: Optional[str] = None,
oauth2_device_polling_interval: Optional[int] = None,
offline_session_idle_timeout: Optional[str] = None,
offline_session_max_lifespan: Optional[str] = None,
offline_session_max_lifespan_enabled: Optional[bool] = None,
organizations_enabled: Optional[bool] = None,
otp_policy: Optional[RealmOtpPolicyArgs] = None,
password_policy: Optional[str] = None,
refresh_token_max_reuse: Optional[int] = None,
registration_allowed: Optional[bool] = None,
registration_email_as_username: Optional[bool] = None,
registration_flow: Optional[str] = None,
remember_me: Optional[bool] = None,
reset_credentials_flow: Optional[str] = None,
reset_password_allowed: Optional[bool] = None,
revoke_refresh_token: Optional[bool] = None,
security_defenses: Optional[RealmSecurityDefensesArgs] = None,
smtp_server: Optional[RealmSmtpServerArgs] = None,
ssl_required: Optional[str] = None,
sso_session_idle_timeout: Optional[str] = None,
sso_session_idle_timeout_remember_me: Optional[str] = None,
sso_session_max_lifespan: Optional[str] = None,
sso_session_max_lifespan_remember_me: Optional[str] = None,
user_managed_access: Optional[bool] = None,
verify_email: Optional[bool] = None,
web_authn_passwordless_policy: Optional[RealmWebAuthnPasswordlessPolicyArgs] = None,
web_authn_policy: Optional[RealmWebAuthnPolicyArgs] = None)func NewRealm(ctx *Context, name string, args RealmArgs, opts ...ResourceOption) (*Realm, error)public Realm(string name, RealmArgs args, CustomResourceOptions? opts = null)type: keycloak:Realm
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RealmArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var realmResource = new Keycloak.Realm("realmResource", new()
{
RealmName = "string",
AccessCodeLifespan = "string",
AccessCodeLifespanLogin = "string",
AccessCodeLifespanUserAction = "string",
AccessTokenLifespan = "string",
AccessTokenLifespanForImplicitFlow = "string",
AccountTheme = "string",
ActionTokenGeneratedByAdminLifespan = "string",
ActionTokenGeneratedByUserLifespan = "string",
AdminTheme = "string",
Attributes =
{
{ "string", "string" },
},
BrowserFlow = "string",
ClientAuthenticationFlow = "string",
ClientSessionIdleTimeout = "string",
ClientSessionMaxLifespan = "string",
DefaultDefaultClientScopes = new[]
{
"string",
},
DefaultOptionalClientScopes = new[]
{
"string",
},
DefaultSignatureAlgorithm = "string",
DirectGrantFlow = "string",
DisplayName = "string",
DisplayNameHtml = "string",
DockerAuthenticationFlow = "string",
DuplicateEmailsAllowed = false,
EditUsernameAllowed = false,
EmailTheme = "string",
Enabled = false,
FirstBrokerLoginFlow = "string",
InternalId = "string",
Internationalization = new Keycloak.Inputs.RealmInternationalizationArgs
{
DefaultLocale = "string",
SupportedLocales = new[]
{
"string",
},
},
LoginTheme = "string",
LoginWithEmailAllowed = false,
Oauth2DeviceCodeLifespan = "string",
Oauth2DevicePollingInterval = 0,
OfflineSessionIdleTimeout = "string",
OfflineSessionMaxLifespan = "string",
OfflineSessionMaxLifespanEnabled = false,
OrganizationsEnabled = false,
OtpPolicy = new Keycloak.Inputs.RealmOtpPolicyArgs
{
Algorithm = "string",
Digits = 0,
InitialCounter = 0,
LookAheadWindow = 0,
Period = 0,
Type = "string",
},
PasswordPolicy = "string",
RefreshTokenMaxReuse = 0,
RegistrationAllowed = false,
RegistrationEmailAsUsername = false,
RegistrationFlow = "string",
RememberMe = false,
ResetCredentialsFlow = "string",
ResetPasswordAllowed = false,
RevokeRefreshToken = false,
SecurityDefenses = new Keycloak.Inputs.RealmSecurityDefensesArgs
{
BruteForceDetection = new Keycloak.Inputs.RealmSecurityDefensesBruteForceDetectionArgs
{
FailureResetTimeSeconds = 0,
MaxFailureWaitSeconds = 0,
MaxLoginFailures = 0,
MinimumQuickLoginWaitSeconds = 0,
PermanentLockout = false,
QuickLoginCheckMilliSeconds = 0,
WaitIncrementSeconds = 0,
},
Headers = new Keycloak.Inputs.RealmSecurityDefensesHeadersArgs
{
ContentSecurityPolicy = "string",
ContentSecurityPolicyReportOnly = "string",
ReferrerPolicy = "string",
StrictTransportSecurity = "string",
XContentTypeOptions = "string",
XFrameOptions = "string",
XRobotsTag = "string",
XXssProtection = "string",
},
},
SmtpServer = new Keycloak.Inputs.RealmSmtpServerArgs
{
From = "string",
Host = "string",
Auth = new Keycloak.Inputs.RealmSmtpServerAuthArgs
{
Password = "string",
Username = "string",
},
EnvelopeFrom = "string",
FromDisplayName = "string",
Port = "string",
ReplyTo = "string",
ReplyToDisplayName = "string",
Ssl = false,
Starttls = false,
},
SslRequired = "string",
SsoSessionIdleTimeout = "string",
SsoSessionIdleTimeoutRememberMe = "string",
SsoSessionMaxLifespan = "string",
SsoSessionMaxLifespanRememberMe = "string",
UserManagedAccess = false,
VerifyEmail = false,
WebAuthnPasswordlessPolicy = new Keycloak.Inputs.RealmWebAuthnPasswordlessPolicyArgs
{
AcceptableAaguids = new[]
{
"string",
},
AttestationConveyancePreference = "string",
AuthenticatorAttachment = "string",
AvoidSameAuthenticatorRegister = false,
CreateTimeout = 0,
ExtraOrigins = new[]
{
"string",
},
RelyingPartyEntityName = "string",
RelyingPartyId = "string",
RequireResidentKey = "string",
SignatureAlgorithms = new[]
{
"string",
},
UserVerificationRequirement = "string",
},
WebAuthnPolicy = new Keycloak.Inputs.RealmWebAuthnPolicyArgs
{
AcceptableAaguids = new[]
{
"string",
},
AttestationConveyancePreference = "string",
AuthenticatorAttachment = "string",
AvoidSameAuthenticatorRegister = false,
CreateTimeout = 0,
ExtraOrigins = new[]
{
"string",
},
RelyingPartyEntityName = "string",
RelyingPartyId = "string",
RequireResidentKey = "string",
SignatureAlgorithms = new[]
{
"string",
},
UserVerificationRequirement = "string",
},
});
example, err := keycloak.NewRealm(ctx, "realmResource", &keycloak.RealmArgs{
Realm: pulumi.String("string"),
AccessCodeLifespan: pulumi.String("string"),
AccessCodeLifespanLogin: pulumi.String("string"),
AccessCodeLifespanUserAction: pulumi.String("string"),
AccessTokenLifespan: pulumi.String("string"),
AccessTokenLifespanForImplicitFlow: pulumi.String("string"),
AccountTheme: pulumi.String("string"),
ActionTokenGeneratedByAdminLifespan: pulumi.String("string"),
ActionTokenGeneratedByUserLifespan: pulumi.String("string"),
AdminTheme: pulumi.String("string"),
Attributes: pulumi.StringMap{
"string": pulumi.String("string"),
},
BrowserFlow: pulumi.String("string"),
ClientAuthenticationFlow: pulumi.String("string"),
ClientSessionIdleTimeout: pulumi.String("string"),
ClientSessionMaxLifespan: pulumi.String("string"),
DefaultDefaultClientScopes: pulumi.StringArray{
pulumi.String("string"),
},
DefaultOptionalClientScopes: pulumi.StringArray{
pulumi.String("string"),
},
DefaultSignatureAlgorithm: pulumi.String("string"),
DirectGrantFlow: pulumi.String("string"),
DisplayName: pulumi.String("string"),
DisplayNameHtml: pulumi.String("string"),
DockerAuthenticationFlow: pulumi.String("string"),
DuplicateEmailsAllowed: pulumi.Bool(false),
EditUsernameAllowed: pulumi.Bool(false),
EmailTheme: pulumi.String("string"),
Enabled: pulumi.Bool(false),
FirstBrokerLoginFlow: pulumi.String("string"),
InternalId: pulumi.String("string"),
Internationalization: &keycloak.RealmInternationalizationArgs{
DefaultLocale: pulumi.String("string"),
SupportedLocales: pulumi.StringArray{
pulumi.String("string"),
},
},
LoginTheme: pulumi.String("string"),
LoginWithEmailAllowed: pulumi.Bool(false),
Oauth2DeviceCodeLifespan: pulumi.String("string"),
Oauth2DevicePollingInterval: pulumi.Int(0),
OfflineSessionIdleTimeout: pulumi.String("string"),
OfflineSessionMaxLifespan: pulumi.String("string"),
OfflineSessionMaxLifespanEnabled: pulumi.Bool(false),
OrganizationsEnabled: pulumi.Bool(false),
OtpPolicy: &keycloak.RealmOtpPolicyArgs{
Algorithm: pulumi.String("string"),
Digits: pulumi.Int(0),
InitialCounter: pulumi.Int(0),
LookAheadWindow: pulumi.Int(0),
Period: pulumi.Int(0),
Type: pulumi.String("string"),
},
PasswordPolicy: pulumi.String("string"),
RefreshTokenMaxReuse: pulumi.Int(0),
RegistrationAllowed: pulumi.Bool(false),
RegistrationEmailAsUsername: pulumi.Bool(false),
RegistrationFlow: pulumi.String("string"),
RememberMe: pulumi.Bool(false),
ResetCredentialsFlow: pulumi.String("string"),
ResetPasswordAllowed: pulumi.Bool(false),
RevokeRefreshToken: pulumi.Bool(false),
SecurityDefenses: &keycloak.RealmSecurityDefensesArgs{
BruteForceDetection: &keycloak.RealmSecurityDefensesBruteForceDetectionArgs{
FailureResetTimeSeconds: pulumi.Int(0),
MaxFailureWaitSeconds: pulumi.Int(0),
MaxLoginFailures: pulumi.Int(0),
MinimumQuickLoginWaitSeconds: pulumi.Int(0),
PermanentLockout: pulumi.Bool(false),
QuickLoginCheckMilliSeconds: pulumi.Int(0),
WaitIncrementSeconds: pulumi.Int(0),
},
Headers: &keycloak.RealmSecurityDefensesHeadersArgs{
ContentSecurityPolicy: pulumi.String("string"),
ContentSecurityPolicyReportOnly: pulumi.String("string"),
ReferrerPolicy: pulumi.String("string"),
StrictTransportSecurity: pulumi.String("string"),
XContentTypeOptions: pulumi.String("string"),
XFrameOptions: pulumi.String("string"),
XRobotsTag: pulumi.String("string"),
XXssProtection: pulumi.String("string"),
},
},
SmtpServer: &keycloak.RealmSmtpServerArgs{
From: pulumi.String("string"),
Host: pulumi.String("string"),
Auth: &keycloak.RealmSmtpServerAuthArgs{
Password: pulumi.String("string"),
Username: pulumi.String("string"),
},
EnvelopeFrom: pulumi.String("string"),
FromDisplayName: pulumi.String("string"),
Port: pulumi.String("string"),
ReplyTo: pulumi.String("string"),
ReplyToDisplayName: pulumi.String("string"),
Ssl: pulumi.Bool(false),
Starttls: pulumi.Bool(false),
},
SslRequired: pulumi.String("string"),
SsoSessionIdleTimeout: pulumi.String("string"),
SsoSessionIdleTimeoutRememberMe: pulumi.String("string"),
SsoSessionMaxLifespan: pulumi.String("string"),
SsoSessionMaxLifespanRememberMe: pulumi.String("string"),
UserManagedAccess: pulumi.Bool(false),
VerifyEmail: pulumi.Bool(false),
WebAuthnPasswordlessPolicy: &keycloak.RealmWebAuthnPasswordlessPolicyArgs{
AcceptableAaguids: pulumi.StringArray{
pulumi.String("string"),
},
AttestationConveyancePreference: pulumi.String("string"),
AuthenticatorAttachment: pulumi.String("string"),
AvoidSameAuthenticatorRegister: pulumi.Bool(false),
CreateTimeout: pulumi.Int(0),
ExtraOrigins: pulumi.StringArray{
pulumi.String("string"),
},
RelyingPartyEntityName: pulumi.String("string"),
RelyingPartyId: pulumi.String("string"),
RequireResidentKey: pulumi.String("string"),
SignatureAlgorithms: pulumi.StringArray{
pulumi.String("string"),
},
UserVerificationRequirement: pulumi.String("string"),
},
WebAuthnPolicy: &keycloak.RealmWebAuthnPolicyArgs{
AcceptableAaguids: pulumi.StringArray{
pulumi.String("string"),
},
AttestationConveyancePreference: pulumi.String("string"),
AuthenticatorAttachment: pulumi.String("string"),
AvoidSameAuthenticatorRegister: pulumi.Bool(false),
CreateTimeout: pulumi.Int(0),
ExtraOrigins: pulumi.StringArray{
pulumi.String("string"),
},
RelyingPartyEntityName: pulumi.String("string"),
RelyingPartyId: pulumi.String("string"),
RequireResidentKey: pulumi.String("string"),
SignatureAlgorithms: pulumi.StringArray{
pulumi.String("string"),
},
UserVerificationRequirement: pulumi.String("string"),
},
})
var realmResource = new Realm("realmResource", RealmArgs.builder()
.realm("string")
.accessCodeLifespan("string")
.accessCodeLifespanLogin("string")
.accessCodeLifespanUserAction("string")
.accessTokenLifespan("string")
.accessTokenLifespanForImplicitFlow("string")
.accountTheme("string")
.actionTokenGeneratedByAdminLifespan("string")
.actionTokenGeneratedByUserLifespan("string")
.adminTheme("string")
.attributes(Map.of("string", "string"))
.browserFlow("string")
.clientAuthenticationFlow("string")
.clientSessionIdleTimeout("string")
.clientSessionMaxLifespan("string")
.defaultDefaultClientScopes("string")
.defaultOptionalClientScopes("string")
.defaultSignatureAlgorithm("string")
.directGrantFlow("string")
.displayName("string")
.displayNameHtml("string")
.dockerAuthenticationFlow("string")
.duplicateEmailsAllowed(false)
.editUsernameAllowed(false)
.emailTheme("string")
.enabled(false)
.firstBrokerLoginFlow("string")
.internalId("string")
.internationalization(RealmInternationalizationArgs.builder()
.defaultLocale("string")
.supportedLocales("string")
.build())
.loginTheme("string")
.loginWithEmailAllowed(false)
.oauth2DeviceCodeLifespan("string")
.oauth2DevicePollingInterval(0)
.offlineSessionIdleTimeout("string")
.offlineSessionMaxLifespan("string")
.offlineSessionMaxLifespanEnabled(false)
.organizationsEnabled(false)
.otpPolicy(RealmOtpPolicyArgs.builder()
.algorithm("string")
.digits(0)
.initialCounter(0)
.lookAheadWindow(0)
.period(0)
.type("string")
.build())
.passwordPolicy("string")
.refreshTokenMaxReuse(0)
.registrationAllowed(false)
.registrationEmailAsUsername(false)
.registrationFlow("string")
.rememberMe(false)
.resetCredentialsFlow("string")
.resetPasswordAllowed(false)
.revokeRefreshToken(false)
.securityDefenses(RealmSecurityDefensesArgs.builder()
.bruteForceDetection(RealmSecurityDefensesBruteForceDetectionArgs.builder()
.failureResetTimeSeconds(0)
.maxFailureWaitSeconds(0)
.maxLoginFailures(0)
.minimumQuickLoginWaitSeconds(0)
.permanentLockout(false)
.quickLoginCheckMilliSeconds(0)
.waitIncrementSeconds(0)
.build())
.headers(RealmSecurityDefensesHeadersArgs.builder()
.contentSecurityPolicy("string")
.contentSecurityPolicyReportOnly("string")
.referrerPolicy("string")
.strictTransportSecurity("string")
.xContentTypeOptions("string")
.xFrameOptions("string")
.xRobotsTag("string")
.xXssProtection("string")
.build())
.build())
.smtpServer(RealmSmtpServerArgs.builder()
.from("string")
.host("string")
.auth(RealmSmtpServerAuthArgs.builder()
.password("string")
.username("string")
.build())
.envelopeFrom("string")
.fromDisplayName("string")
.port("string")
.replyTo("string")
.replyToDisplayName("string")
.ssl(false)
.starttls(false)
.build())
.sslRequired("string")
.ssoSessionIdleTimeout("string")
.ssoSessionIdleTimeoutRememberMe("string")
.ssoSessionMaxLifespan("string")
.ssoSessionMaxLifespanRememberMe("string")
.userManagedAccess(false)
.verifyEmail(false)
.webAuthnPasswordlessPolicy(RealmWebAuthnPasswordlessPolicyArgs.builder()
.acceptableAaguids("string")
.attestationConveyancePreference("string")
.authenticatorAttachment("string")
.avoidSameAuthenticatorRegister(false)
.createTimeout(0)
.extraOrigins("string")
.relyingPartyEntityName("string")
.relyingPartyId("string")
.requireResidentKey("string")
.signatureAlgorithms("string")
.userVerificationRequirement("string")
.build())
.webAuthnPolicy(RealmWebAuthnPolicyArgs.builder()
.acceptableAaguids("string")
.attestationConveyancePreference("string")
.authenticatorAttachment("string")
.avoidSameAuthenticatorRegister(false)
.createTimeout(0)
.extraOrigins("string")
.relyingPartyEntityName("string")
.relyingPartyId("string")
.requireResidentKey("string")
.signatureAlgorithms("string")
.userVerificationRequirement("string")
.build())
.build());
realm_resource = keycloak.Realm("realmResource",
realm="string",
access_code_lifespan="string",
access_code_lifespan_login="string",
access_code_lifespan_user_action="string",
access_token_lifespan="string",
access_token_lifespan_for_implicit_flow="string",
account_theme="string",
action_token_generated_by_admin_lifespan="string",
action_token_generated_by_user_lifespan="string",
admin_theme="string",
attributes={
"string": "string",
},
browser_flow="string",
client_authentication_flow="string",
client_session_idle_timeout="string",
client_session_max_lifespan="string",
default_default_client_scopes=["string"],
default_optional_client_scopes=["string"],
default_signature_algorithm="string",
direct_grant_flow="string",
display_name="string",
display_name_html="string",
docker_authentication_flow="string",
duplicate_emails_allowed=False,
edit_username_allowed=False,
email_theme="string",
enabled=False,
first_broker_login_flow="string",
internal_id="string",
internationalization={
"default_locale": "string",
"supported_locales": ["string"],
},
login_theme="string",
login_with_email_allowed=False,
oauth2_device_code_lifespan="string",
oauth2_device_polling_interval=0,
offline_session_idle_timeout="string",
offline_session_max_lifespan="string",
offline_session_max_lifespan_enabled=False,
organizations_enabled=False,
otp_policy={
"algorithm": "string",
"digits": 0,
"initial_counter": 0,
"look_ahead_window": 0,
"period": 0,
"type": "string",
},
password_policy="string",
refresh_token_max_reuse=0,
registration_allowed=False,
registration_email_as_username=False,
registration_flow="string",
remember_me=False,
reset_credentials_flow="string",
reset_password_allowed=False,
revoke_refresh_token=False,
security_defenses={
"brute_force_detection": {
"failure_reset_time_seconds": 0,
"max_failure_wait_seconds": 0,
"max_login_failures": 0,
"minimum_quick_login_wait_seconds": 0,
"permanent_lockout": False,
"quick_login_check_milli_seconds": 0,
"wait_increment_seconds": 0,
},
"headers": {
"content_security_policy": "string",
"content_security_policy_report_only": "string",
"referrer_policy": "string",
"strict_transport_security": "string",
"x_content_type_options": "string",
"x_frame_options": "string",
"x_robots_tag": "string",
"x_xss_protection": "string",
},
},
smtp_server={
"from_": "string",
"host": "string",
"auth": {
"password": "string",
"username": "string",
},
"envelope_from": "string",
"from_display_name": "string",
"port": "string",
"reply_to": "string",
"reply_to_display_name": "string",
"ssl": False,
"starttls": False,
},
ssl_required="string",
sso_session_idle_timeout="string",
sso_session_idle_timeout_remember_me="string",
sso_session_max_lifespan="string",
sso_session_max_lifespan_remember_me="string",
user_managed_access=False,
verify_email=False,
web_authn_passwordless_policy={
"acceptable_aaguids": ["string"],
"attestation_conveyance_preference": "string",
"authenticator_attachment": "string",
"avoid_same_authenticator_register": False,
"create_timeout": 0,
"extra_origins": ["string"],
"relying_party_entity_name": "string",
"relying_party_id": "string",
"require_resident_key": "string",
"signature_algorithms": ["string"],
"user_verification_requirement": "string",
},
web_authn_policy={
"acceptable_aaguids": ["string"],
"attestation_conveyance_preference": "string",
"authenticator_attachment": "string",
"avoid_same_authenticator_register": False,
"create_timeout": 0,
"extra_origins": ["string"],
"relying_party_entity_name": "string",
"relying_party_id": "string",
"require_resident_key": "string",
"signature_algorithms": ["string"],
"user_verification_requirement": "string",
})
const realmResource = new keycloak.Realm("realmResource", {
realm: "string",
accessCodeLifespan: "string",
accessCodeLifespanLogin: "string",
accessCodeLifespanUserAction: "string",
accessTokenLifespan: "string",
accessTokenLifespanForImplicitFlow: "string",
accountTheme: "string",
actionTokenGeneratedByAdminLifespan: "string",
actionTokenGeneratedByUserLifespan: "string",
adminTheme: "string",
attributes: {
string: "string",
},
browserFlow: "string",
clientAuthenticationFlow: "string",
clientSessionIdleTimeout: "string",
clientSessionMaxLifespan: "string",
defaultDefaultClientScopes: ["string"],
defaultOptionalClientScopes: ["string"],
defaultSignatureAlgorithm: "string",
directGrantFlow: "string",
displayName: "string",
displayNameHtml: "string",
dockerAuthenticationFlow: "string",
duplicateEmailsAllowed: false,
editUsernameAllowed: false,
emailTheme: "string",
enabled: false,
firstBrokerLoginFlow: "string",
internalId: "string",
internationalization: {
defaultLocale: "string",
supportedLocales: ["string"],
},
loginTheme: "string",
loginWithEmailAllowed: false,
oauth2DeviceCodeLifespan: "string",
oauth2DevicePollingInterval: 0,
offlineSessionIdleTimeout: "string",
offlineSessionMaxLifespan: "string",
offlineSessionMaxLifespanEnabled: false,
organizationsEnabled: false,
otpPolicy: {
algorithm: "string",
digits: 0,
initialCounter: 0,
lookAheadWindow: 0,
period: 0,
type: "string",
},
passwordPolicy: "string",
refreshTokenMaxReuse: 0,
registrationAllowed: false,
registrationEmailAsUsername: false,
registrationFlow: "string",
rememberMe: false,
resetCredentialsFlow: "string",
resetPasswordAllowed: false,
revokeRefreshToken: false,
securityDefenses: {
bruteForceDetection: {
failureResetTimeSeconds: 0,
maxFailureWaitSeconds: 0,
maxLoginFailures: 0,
minimumQuickLoginWaitSeconds: 0,
permanentLockout: false,
quickLoginCheckMilliSeconds: 0,
waitIncrementSeconds: 0,
},
headers: {
contentSecurityPolicy: "string",
contentSecurityPolicyReportOnly: "string",
referrerPolicy: "string",
strictTransportSecurity: "string",
xContentTypeOptions: "string",
xFrameOptions: "string",
xRobotsTag: "string",
xXssProtection: "string",
},
},
smtpServer: {
from: "string",
host: "string",
auth: {
password: "string",
username: "string",
},
envelopeFrom: "string",
fromDisplayName: "string",
port: "string",
replyTo: "string",
replyToDisplayName: "string",
ssl: false,
starttls: false,
},
sslRequired: "string",
ssoSessionIdleTimeout: "string",
ssoSessionIdleTimeoutRememberMe: "string",
ssoSessionMaxLifespan: "string",
ssoSessionMaxLifespanRememberMe: "string",
userManagedAccess: false,
verifyEmail: false,
webAuthnPasswordlessPolicy: {
acceptableAaguids: ["string"],
attestationConveyancePreference: "string",
authenticatorAttachment: "string",
avoidSameAuthenticatorRegister: false,
createTimeout: 0,
extraOrigins: ["string"],
relyingPartyEntityName: "string",
relyingPartyId: "string",
requireResidentKey: "string",
signatureAlgorithms: ["string"],
userVerificationRequirement: "string",
},
webAuthnPolicy: {
acceptableAaguids: ["string"],
attestationConveyancePreference: "string",
authenticatorAttachment: "string",
avoidSameAuthenticatorRegister: false,
createTimeout: 0,
extraOrigins: ["string"],
relyingPartyEntityName: "string",
relyingPartyId: "string",
requireResidentKey: "string",
signatureAlgorithms: ["string"],
userVerificationRequirement: "string",
},
});
type: keycloak:Realm
properties:
accessCodeLifespan: string
accessCodeLifespanLogin: string
accessCodeLifespanUserAction: string
accessTokenLifespan: string
accessTokenLifespanForImplicitFlow: string
accountTheme: string
actionTokenGeneratedByAdminLifespan: string
actionTokenGeneratedByUserLifespan: string
adminTheme: string
attributes:
string: string
browserFlow: string
clientAuthenticationFlow: string
clientSessionIdleTimeout: string
clientSessionMaxLifespan: string
defaultDefaultClientScopes:
- string
defaultOptionalClientScopes:
- string
defaultSignatureAlgorithm: string
directGrantFlow: string
displayName: string
displayNameHtml: string
dockerAuthenticationFlow: string
duplicateEmailsAllowed: false
editUsernameAllowed: false
emailTheme: string
enabled: false
firstBrokerLoginFlow: string
internalId: string
internationalization:
defaultLocale: string
supportedLocales:
- string
loginTheme: string
loginWithEmailAllowed: false
oauth2DeviceCodeLifespan: string
oauth2DevicePollingInterval: 0
offlineSessionIdleTimeout: string
offlineSessionMaxLifespan: string
offlineSessionMaxLifespanEnabled: false
organizationsEnabled: false
otpPolicy:
algorithm: string
digits: 0
initialCounter: 0
lookAheadWindow: 0
period: 0
type: string
passwordPolicy: string
realm: string
refreshTokenMaxReuse: 0
registrationAllowed: false
registrationEmailAsUsername: false
registrationFlow: string
rememberMe: false
resetCredentialsFlow: string
resetPasswordAllowed: false
revokeRefreshToken: false
securityDefenses:
bruteForceDetection:
failureResetTimeSeconds: 0
maxFailureWaitSeconds: 0
maxLoginFailures: 0
minimumQuickLoginWaitSeconds: 0
permanentLockout: false
quickLoginCheckMilliSeconds: 0
waitIncrementSeconds: 0
headers:
contentSecurityPolicy: string
contentSecurityPolicyReportOnly: string
referrerPolicy: string
strictTransportSecurity: string
xContentTypeOptions: string
xFrameOptions: string
xRobotsTag: string
xXssProtection: string
smtpServer:
auth:
password: string
username: string
envelopeFrom: string
from: string
fromDisplayName: string
host: string
port: string
replyTo: string
replyToDisplayName: string
ssl: false
starttls: false
sslRequired: string
ssoSessionIdleTimeout: string
ssoSessionIdleTimeoutRememberMe: string
ssoSessionMaxLifespan: string
ssoSessionMaxLifespanRememberMe: string
userManagedAccess: false
verifyEmail: false
webAuthnPasswordlessPolicy:
acceptableAaguids:
- string
attestationConveyancePreference: string
authenticatorAttachment: string
avoidSameAuthenticatorRegister: false
createTimeout: 0
extraOrigins:
- string
relyingPartyEntityName: string
relyingPartyId: string
requireResidentKey: string
signatureAlgorithms:
- string
userVerificationRequirement: string
webAuthnPolicy:
acceptableAaguids:
- string
attestationConveyancePreference: string
authenticatorAttachment: string
avoidSameAuthenticatorRegister: false
createTimeout: 0
extraOrigins:
- string
relyingPartyEntityName: string
relyingPartyId: string
requireResidentKey: string
signatureAlgorithms:
- string
userVerificationRequirement: string
Realm Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Realm resource accepts the following input properties:
- Realm
Name string - The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- Access
Code stringLifespan - Access
Code stringLifespan Login - Access
Code stringLifespan User Action - Access
Token stringLifespan - Access
Token stringLifespan For Implicit Flow - Account
Theme string - Action
Token stringGenerated By Admin Lifespan - Action
Token stringGenerated By User Lifespan - Admin
Theme string - Attributes Dictionary<string, string>
- A map of custom attributes to add to the realm.
- Browser
Flow string - Which flow should be used for BrowserFlow
- Client
Authentication stringFlow - Which flow should be used for ClientAuthenticationFlow
- Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Default
Default List<string>Client Scopes - Default
Optional List<string>Client Scopes - Default
Signature stringAlgorithm - Direct
Grant stringFlow - Which flow should be used for DirectGrantFlow
- Display
Name string - The display name for the realm that is shown when logging in to the admin console.
- Display
Name stringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- Docker
Authentication stringFlow - Which flow should be used for DockerAuthenticationFlow
- Duplicate
Emails boolAllowed - Edit
Username boolAllowed - Email
Theme string - Enabled bool
- When
false, users and clients will not be able to access this realm. Defaults totrue. - First
Broker stringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- Internal
Id string - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- Internationalization
Realm
Internationalization - Login
Theme string - Login
With boolEmail Allowed - Oauth2Device
Code stringLifespan - Oauth2Device
Polling intInterval - Offline
Session stringIdle Timeout - Offline
Session stringMax Lifespan - Offline
Session boolMax Lifespan Enabled - Organizations
Enabled bool - When
true, organization support is enabled. Defaults tofalse. - Otp
Policy RealmOtp Policy - Password
Policy string - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- Refresh
Token intMax Reuse - Registration
Allowed bool - Registration
Email boolAs Username - Registration
Flow string - Which flow should be used for RegistrationFlow
- Remember
Me bool - Reset
Credentials stringFlow - Which flow should be used for ResetCredentialsFlow
- Reset
Password boolAllowed - Revoke
Refresh boolToken - Security
Defenses RealmSecurity Defenses - Smtp
Server RealmSmtp Server - Ssl
Required string - SSL Required: Values can be 'none', 'external' or 'all'.
- Sso
Session stringIdle Timeout - Sso
Session stringIdle Timeout Remember Me - Sso
Session stringMax Lifespan - Sso
Session stringMax Lifespan Remember Me - User
Managed boolAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - Verify
Email bool - Web
Authn RealmPasswordless Policy Web Authn Passwordless Policy - Web
Authn RealmPolicy Web Authn Policy
- Realm string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- Access
Code stringLifespan - Access
Code stringLifespan Login - Access
Code stringLifespan User Action - Access
Token stringLifespan - Access
Token stringLifespan For Implicit Flow - Account
Theme string - Action
Token stringGenerated By Admin Lifespan - Action
Token stringGenerated By User Lifespan - Admin
Theme string - Attributes map[string]string
- A map of custom attributes to add to the realm.
- Browser
Flow string - Which flow should be used for BrowserFlow
- Client
Authentication stringFlow - Which flow should be used for ClientAuthenticationFlow
- Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Default
Default []stringClient Scopes - Default
Optional []stringClient Scopes - Default
Signature stringAlgorithm - Direct
Grant stringFlow - Which flow should be used for DirectGrantFlow
- Display
Name string - The display name for the realm that is shown when logging in to the admin console.
- Display
Name stringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- Docker
Authentication stringFlow - Which flow should be used for DockerAuthenticationFlow
- Duplicate
Emails boolAllowed - Edit
Username boolAllowed - Email
Theme string - Enabled bool
- When
false, users and clients will not be able to access this realm. Defaults totrue. - First
Broker stringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- Internal
Id string - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- Internationalization
Realm
Internationalization Args - Login
Theme string - Login
With boolEmail Allowed - Oauth2Device
Code stringLifespan - Oauth2Device
Polling intInterval - Offline
Session stringIdle Timeout - Offline
Session stringMax Lifespan - Offline
Session boolMax Lifespan Enabled - Organizations
Enabled bool - When
true, organization support is enabled. Defaults tofalse. - Otp
Policy RealmOtp Policy Args - Password
Policy string - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- Refresh
Token intMax Reuse - Registration
Allowed bool - Registration
Email boolAs Username - Registration
Flow string - Which flow should be used for RegistrationFlow
- Remember
Me bool - Reset
Credentials stringFlow - Which flow should be used for ResetCredentialsFlow
- Reset
Password boolAllowed - Revoke
Refresh boolToken - Security
Defenses RealmSecurity Defenses Args - Smtp
Server RealmSmtp Server Args - Ssl
Required string - SSL Required: Values can be 'none', 'external' or 'all'.
- Sso
Session stringIdle Timeout - Sso
Session stringIdle Timeout Remember Me - Sso
Session stringMax Lifespan - Sso
Session stringMax Lifespan Remember Me - User
Managed boolAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - Verify
Email bool - Web
Authn RealmPasswordless Policy Web Authn Passwordless Policy Args - Web
Authn RealmPolicy Web Authn Policy Args
- realm String
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- access
Code StringLifespan - access
Code StringLifespan Login - access
Code StringLifespan User Action - access
Token StringLifespan - access
Token StringLifespan For Implicit Flow - account
Theme String - action
Token StringGenerated By Admin Lifespan - action
Token StringGenerated By User Lifespan - admin
Theme String - attributes Map<String,String>
- A map of custom attributes to add to the realm.
- browser
Flow String - Which flow should be used for BrowserFlow
- client
Authentication StringFlow - Which flow should be used for ClientAuthenticationFlow
- client
Session StringIdle Timeout - client
Session StringMax Lifespan - default
Default List<String>Client Scopes - default
Optional List<String>Client Scopes - default
Signature StringAlgorithm - direct
Grant StringFlow - Which flow should be used for DirectGrantFlow
- display
Name String - The display name for the realm that is shown when logging in to the admin console.
- display
Name StringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker
Authentication StringFlow - Which flow should be used for DockerAuthenticationFlow
- duplicate
Emails BooleanAllowed - edit
Username BooleanAllowed - email
Theme String - enabled Boolean
- When
false, users and clients will not be able to access this realm. Defaults totrue. - first
Broker StringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- internal
Id String - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
Realm
Internationalization - login
Theme String - login
With BooleanEmail Allowed - oauth2Device
Code StringLifespan - oauth2Device
Polling IntegerInterval - offline
Session StringIdle Timeout - offline
Session StringMax Lifespan - offline
Session BooleanMax Lifespan Enabled - organizations
Enabled Boolean - When
true, organization support is enabled. Defaults tofalse. - otp
Policy RealmOtp Policy - password
Policy String - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- refresh
Token IntegerMax Reuse - registration
Allowed Boolean - registration
Email BooleanAs Username - registration
Flow String - Which flow should be used for RegistrationFlow
- remember
Me Boolean - reset
Credentials StringFlow - Which flow should be used for ResetCredentialsFlow
- reset
Password BooleanAllowed - revoke
Refresh BooleanToken - security
Defenses RealmSecurity Defenses - smtp
Server RealmSmtp Server - ssl
Required String - SSL Required: Values can be 'none', 'external' or 'all'.
- sso
Session StringIdle Timeout - sso
Session StringIdle Timeout Remember Me - sso
Session StringMax Lifespan - sso
Session StringMax Lifespan Remember Me - user
Managed BooleanAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - verify
Email Boolean - web
Authn RealmPasswordless Policy Web Authn Passwordless Policy - web
Authn RealmPolicy Web Authn Policy
- realm string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- access
Code stringLifespan - access
Code stringLifespan Login - access
Code stringLifespan User Action - access
Token stringLifespan - access
Token stringLifespan For Implicit Flow - account
Theme string - action
Token stringGenerated By Admin Lifespan - action
Token stringGenerated By User Lifespan - admin
Theme string - attributes {[key: string]: string}
- A map of custom attributes to add to the realm.
- browser
Flow string - Which flow should be used for BrowserFlow
- client
Authentication stringFlow - Which flow should be used for ClientAuthenticationFlow
- client
Session stringIdle Timeout - client
Session stringMax Lifespan - default
Default string[]Client Scopes - default
Optional string[]Client Scopes - default
Signature stringAlgorithm - direct
Grant stringFlow - Which flow should be used for DirectGrantFlow
- display
Name string - The display name for the realm that is shown when logging in to the admin console.
- display
Name stringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker
Authentication stringFlow - Which flow should be used for DockerAuthenticationFlow
- duplicate
Emails booleanAllowed - edit
Username booleanAllowed - email
Theme string - enabled boolean
- When
false, users and clients will not be able to access this realm. Defaults totrue. - first
Broker stringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- internal
Id string - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
Realm
Internationalization - login
Theme string - login
With booleanEmail Allowed - oauth2Device
Code stringLifespan - oauth2Device
Polling numberInterval - offline
Session stringIdle Timeout - offline
Session stringMax Lifespan - offline
Session booleanMax Lifespan Enabled - organizations
Enabled boolean - When
true, organization support is enabled. Defaults tofalse. - otp
Policy RealmOtp Policy - password
Policy string - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- refresh
Token numberMax Reuse - registration
Allowed boolean - registration
Email booleanAs Username - registration
Flow string - Which flow should be used for RegistrationFlow
- remember
Me boolean - reset
Credentials stringFlow - Which flow should be used for ResetCredentialsFlow
- reset
Password booleanAllowed - revoke
Refresh booleanToken - security
Defenses RealmSecurity Defenses - smtp
Server RealmSmtp Server - ssl
Required string - SSL Required: Values can be 'none', 'external' or 'all'.
- sso
Session stringIdle Timeout - sso
Session stringIdle Timeout Remember Me - sso
Session stringMax Lifespan - sso
Session stringMax Lifespan Remember Me - user
Managed booleanAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - verify
Email boolean - web
Authn RealmPasswordless Policy Web Authn Passwordless Policy - web
Authn RealmPolicy Web Authn Policy
- realm str
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- access_
code_ strlifespan - access_
code_ strlifespan_ login - access_
code_ strlifespan_ user_ action - access_
token_ strlifespan - access_
token_ strlifespan_ for_ implicit_ flow - account_
theme str - action_
token_ strgenerated_ by_ admin_ lifespan - action_
token_ strgenerated_ by_ user_ lifespan - admin_
theme str - attributes Mapping[str, str]
- A map of custom attributes to add to the realm.
- browser_
flow str - Which flow should be used for BrowserFlow
- client_
authentication_ strflow - Which flow should be used for ClientAuthenticationFlow
- client_
session_ stridle_ timeout - client_
session_ strmax_ lifespan - default_
default_ Sequence[str]client_ scopes - default_
optional_ Sequence[str]client_ scopes - default_
signature_ stralgorithm - direct_
grant_ strflow - Which flow should be used for DirectGrantFlow
- display_
name str - The display name for the realm that is shown when logging in to the admin console.
- display_
name_ strhtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker_
authentication_ strflow - Which flow should be used for DockerAuthenticationFlow
- duplicate_
emails_ boolallowed - edit_
username_ boolallowed - email_
theme str - enabled bool
- When
false, users and clients will not be able to access this realm. Defaults totrue. - first_
broker_ strlogin_ flow - Which flow should be used for FirstBrokerLoginFlow
- internal_
id str - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
Realm
Internationalization Args - login_
theme str - login_
with_ boolemail_ allowed - oauth2_
device_ strcode_ lifespan - oauth2_
device_ intpolling_ interval - offline_
session_ stridle_ timeout - offline_
session_ strmax_ lifespan - offline_
session_ boolmax_ lifespan_ enabled - organizations_
enabled bool - When
true, organization support is enabled. Defaults tofalse. - otp_
policy RealmOtp Policy Args - password_
policy str - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- refresh_
token_ intmax_ reuse - registration_
allowed bool - registration_
email_ boolas_ username - registration_
flow str - Which flow should be used for RegistrationFlow
- remember_
me bool - reset_
credentials_ strflow - Which flow should be used for ResetCredentialsFlow
- reset_
password_ boolallowed - revoke_
refresh_ booltoken - security_
defenses RealmSecurity Defenses Args - smtp_
server RealmSmtp Server Args - ssl_
required str - SSL Required: Values can be 'none', 'external' or 'all'.
- sso_
session_ stridle_ timeout - sso_
session_ stridle_ timeout_ remember_ me - sso_
session_ strmax_ lifespan - sso_
session_ strmax_ lifespan_ remember_ me - user_
managed_ boolaccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - verify_
email bool - web_
authn_ Realmpasswordless_ policy Web Authn Passwordless Policy Args - web_
authn_ Realmpolicy Web Authn Policy Args
- realm String
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- access
Code StringLifespan - access
Code StringLifespan Login - access
Code StringLifespan User Action - access
Token StringLifespan - access
Token StringLifespan For Implicit Flow - account
Theme String - action
Token StringGenerated By Admin Lifespan - action
Token StringGenerated By User Lifespan - admin
Theme String - attributes Map<String>
- A map of custom attributes to add to the realm.
- browser
Flow String - Which flow should be used for BrowserFlow
- client
Authentication StringFlow - Which flow should be used for ClientAuthenticationFlow
- client
Session StringIdle Timeout - client
Session StringMax Lifespan - default
Default List<String>Client Scopes - default
Optional List<String>Client Scopes - default
Signature StringAlgorithm - direct
Grant StringFlow - Which flow should be used for DirectGrantFlow
- display
Name String - The display name for the realm that is shown when logging in to the admin console.
- display
Name StringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker
Authentication StringFlow - Which flow should be used for DockerAuthenticationFlow
- duplicate
Emails BooleanAllowed - edit
Username BooleanAllowed - email
Theme String - enabled Boolean
- When
false, users and clients will not be able to access this realm. Defaults totrue. - first
Broker StringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- internal
Id String - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization Property Map
- login
Theme String - login
With BooleanEmail Allowed - oauth2Device
Code StringLifespan - oauth2Device
Polling NumberInterval - offline
Session StringIdle Timeout - offline
Session StringMax Lifespan - offline
Session BooleanMax Lifespan Enabled - organizations
Enabled Boolean - When
true, organization support is enabled. Defaults tofalse. - otp
Policy Property Map - password
Policy String - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- refresh
Token NumberMax Reuse - registration
Allowed Boolean - registration
Email BooleanAs Username - registration
Flow String - Which flow should be used for RegistrationFlow
- remember
Me Boolean - reset
Credentials StringFlow - Which flow should be used for ResetCredentialsFlow
- reset
Password BooleanAllowed - revoke
Refresh BooleanToken - security
Defenses Property Map - smtp
Server Property Map - ssl
Required String - SSL Required: Values can be 'none', 'external' or 'all'.
- sso
Session StringIdle Timeout - sso
Session StringIdle Timeout Remember Me - sso
Session StringMax Lifespan - sso
Session StringMax Lifespan Remember Me - user
Managed BooleanAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - verify
Email Boolean - web
Authn Property MapPasswordless Policy - web
Authn Property MapPolicy
Outputs
All input properties are implicitly available as output properties. Additionally, the Realm resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Realm Resource
Get an existing Realm resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RealmState, opts?: CustomResourceOptions): Realm@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_code_lifespan: Optional[str] = None,
access_code_lifespan_login: Optional[str] = None,
access_code_lifespan_user_action: Optional[str] = None,
access_token_lifespan: Optional[str] = None,
access_token_lifespan_for_implicit_flow: Optional[str] = None,
account_theme: Optional[str] = None,
action_token_generated_by_admin_lifespan: Optional[str] = None,
action_token_generated_by_user_lifespan: Optional[str] = None,
admin_theme: Optional[str] = None,
attributes: Optional[Mapping[str, str]] = None,
browser_flow: Optional[str] = None,
client_authentication_flow: Optional[str] = None,
client_session_idle_timeout: Optional[str] = None,
client_session_max_lifespan: Optional[str] = None,
default_default_client_scopes: Optional[Sequence[str]] = None,
default_optional_client_scopes: Optional[Sequence[str]] = None,
default_signature_algorithm: Optional[str] = None,
direct_grant_flow: Optional[str] = None,
display_name: Optional[str] = None,
display_name_html: Optional[str] = None,
docker_authentication_flow: Optional[str] = None,
duplicate_emails_allowed: Optional[bool] = None,
edit_username_allowed: Optional[bool] = None,
email_theme: Optional[str] = None,
enabled: Optional[bool] = None,
first_broker_login_flow: Optional[str] = None,
internal_id: Optional[str] = None,
internationalization: Optional[RealmInternationalizationArgs] = None,
login_theme: Optional[str] = None,
login_with_email_allowed: Optional[bool] = None,
oauth2_device_code_lifespan: Optional[str] = None,
oauth2_device_polling_interval: Optional[int] = None,
offline_session_idle_timeout: Optional[str] = None,
offline_session_max_lifespan: Optional[str] = None,
offline_session_max_lifespan_enabled: Optional[bool] = None,
organizations_enabled: Optional[bool] = None,
otp_policy: Optional[RealmOtpPolicyArgs] = None,
password_policy: Optional[str] = None,
realm: Optional[str] = None,
refresh_token_max_reuse: Optional[int] = None,
registration_allowed: Optional[bool] = None,
registration_email_as_username: Optional[bool] = None,
registration_flow: Optional[str] = None,
remember_me: Optional[bool] = None,
reset_credentials_flow: Optional[str] = None,
reset_password_allowed: Optional[bool] = None,
revoke_refresh_token: Optional[bool] = None,
security_defenses: Optional[RealmSecurityDefensesArgs] = None,
smtp_server: Optional[RealmSmtpServerArgs] = None,
ssl_required: Optional[str] = None,
sso_session_idle_timeout: Optional[str] = None,
sso_session_idle_timeout_remember_me: Optional[str] = None,
sso_session_max_lifespan: Optional[str] = None,
sso_session_max_lifespan_remember_me: Optional[str] = None,
user_managed_access: Optional[bool] = None,
verify_email: Optional[bool] = None,
web_authn_passwordless_policy: Optional[RealmWebAuthnPasswordlessPolicyArgs] = None,
web_authn_policy: Optional[RealmWebAuthnPolicyArgs] = None) -> Realmfunc GetRealm(ctx *Context, name string, id IDInput, state *RealmState, opts ...ResourceOption) (*Realm, error)public static Realm Get(string name, Input<string> id, RealmState? state, CustomResourceOptions? opts = null)public static Realm get(String name, Output<String> id, RealmState state, CustomResourceOptions options)resources: _: type: keycloak:Realm get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Code stringLifespan - Access
Code stringLifespan Login - Access
Code stringLifespan User Action - Access
Token stringLifespan - Access
Token stringLifespan For Implicit Flow - Account
Theme string - Action
Token stringGenerated By Admin Lifespan - Action
Token stringGenerated By User Lifespan - Admin
Theme string - Attributes Dictionary<string, string>
- A map of custom attributes to add to the realm.
- Browser
Flow string - Which flow should be used for BrowserFlow
- Client
Authentication stringFlow - Which flow should be used for ClientAuthenticationFlow
- Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Default
Default List<string>Client Scopes - Default
Optional List<string>Client Scopes - Default
Signature stringAlgorithm - Direct
Grant stringFlow - Which flow should be used for DirectGrantFlow
- Display
Name string - The display name for the realm that is shown when logging in to the admin console.
- Display
Name stringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- Docker
Authentication stringFlow - Which flow should be used for DockerAuthenticationFlow
- Duplicate
Emails boolAllowed - Edit
Username boolAllowed - Email
Theme string - Enabled bool
- When
false, users and clients will not be able to access this realm. Defaults totrue. - First
Broker stringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- Internal
Id string - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- Internationalization
Realm
Internationalization - Login
Theme string - Login
With boolEmail Allowed - Oauth2Device
Code stringLifespan - Oauth2Device
Polling intInterval - Offline
Session stringIdle Timeout - Offline
Session stringMax Lifespan - Offline
Session boolMax Lifespan Enabled - Organizations
Enabled bool - When
true, organization support is enabled. Defaults tofalse. - Otp
Policy RealmOtp Policy - Password
Policy string - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- Realm
Name string - The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- Refresh
Token intMax Reuse - Registration
Allowed bool - Registration
Email boolAs Username - Registration
Flow string - Which flow should be used for RegistrationFlow
- Remember
Me bool - Reset
Credentials stringFlow - Which flow should be used for ResetCredentialsFlow
- Reset
Password boolAllowed - Revoke
Refresh boolToken - Security
Defenses RealmSecurity Defenses - Smtp
Server RealmSmtp Server - Ssl
Required string - SSL Required: Values can be 'none', 'external' or 'all'.
- Sso
Session stringIdle Timeout - Sso
Session stringIdle Timeout Remember Me - Sso
Session stringMax Lifespan - Sso
Session stringMax Lifespan Remember Me - User
Managed boolAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - Verify
Email bool - Web
Authn RealmPasswordless Policy Web Authn Passwordless Policy - Web
Authn RealmPolicy Web Authn Policy
- Access
Code stringLifespan - Access
Code stringLifespan Login - Access
Code stringLifespan User Action - Access
Token stringLifespan - Access
Token stringLifespan For Implicit Flow - Account
Theme string - Action
Token stringGenerated By Admin Lifespan - Action
Token stringGenerated By User Lifespan - Admin
Theme string - Attributes map[string]string
- A map of custom attributes to add to the realm.
- Browser
Flow string - Which flow should be used for BrowserFlow
- Client
Authentication stringFlow - Which flow should be used for ClientAuthenticationFlow
- Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Default
Default []stringClient Scopes - Default
Optional []stringClient Scopes - Default
Signature stringAlgorithm - Direct
Grant stringFlow - Which flow should be used for DirectGrantFlow
- Display
Name string - The display name for the realm that is shown when logging in to the admin console.
- Display
Name stringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- Docker
Authentication stringFlow - Which flow should be used for DockerAuthenticationFlow
- Duplicate
Emails boolAllowed - Edit
Username boolAllowed - Email
Theme string - Enabled bool
- When
false, users and clients will not be able to access this realm. Defaults totrue. - First
Broker stringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- Internal
Id string - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- Internationalization
Realm
Internationalization Args - Login
Theme string - Login
With boolEmail Allowed - Oauth2Device
Code stringLifespan - Oauth2Device
Polling intInterval - Offline
Session stringIdle Timeout - Offline
Session stringMax Lifespan - Offline
Session boolMax Lifespan Enabled - Organizations
Enabled bool - When
true, organization support is enabled. Defaults tofalse. - Otp
Policy RealmOtp Policy Args - Password
Policy string - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- Realm string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- Refresh
Token intMax Reuse - Registration
Allowed bool - Registration
Email boolAs Username - Registration
Flow string - Which flow should be used for RegistrationFlow
- Remember
Me bool - Reset
Credentials stringFlow - Which flow should be used for ResetCredentialsFlow
- Reset
Password boolAllowed - Revoke
Refresh boolToken - Security
Defenses RealmSecurity Defenses Args - Smtp
Server RealmSmtp Server Args - Ssl
Required string - SSL Required: Values can be 'none', 'external' or 'all'.
- Sso
Session stringIdle Timeout - Sso
Session stringIdle Timeout Remember Me - Sso
Session stringMax Lifespan - Sso
Session stringMax Lifespan Remember Me - User
Managed boolAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - Verify
Email bool - Web
Authn RealmPasswordless Policy Web Authn Passwordless Policy Args - Web
Authn RealmPolicy Web Authn Policy Args
- access
Code StringLifespan - access
Code StringLifespan Login - access
Code StringLifespan User Action - access
Token StringLifespan - access
Token StringLifespan For Implicit Flow - account
Theme String - action
Token StringGenerated By Admin Lifespan - action
Token StringGenerated By User Lifespan - admin
Theme String - attributes Map<String,String>
- A map of custom attributes to add to the realm.
- browser
Flow String - Which flow should be used for BrowserFlow
- client
Authentication StringFlow - Which flow should be used for ClientAuthenticationFlow
- client
Session StringIdle Timeout - client
Session StringMax Lifespan - default
Default List<String>Client Scopes - default
Optional List<String>Client Scopes - default
Signature StringAlgorithm - direct
Grant StringFlow - Which flow should be used for DirectGrantFlow
- display
Name String - The display name for the realm that is shown when logging in to the admin console.
- display
Name StringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker
Authentication StringFlow - Which flow should be used for DockerAuthenticationFlow
- duplicate
Emails BooleanAllowed - edit
Username BooleanAllowed - email
Theme String - enabled Boolean
- When
false, users and clients will not be able to access this realm. Defaults totrue. - first
Broker StringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- internal
Id String - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
Realm
Internationalization - login
Theme String - login
With BooleanEmail Allowed - oauth2Device
Code StringLifespan - oauth2Device
Polling IntegerInterval - offline
Session StringIdle Timeout - offline
Session StringMax Lifespan - offline
Session BooleanMax Lifespan Enabled - organizations
Enabled Boolean - When
true, organization support is enabled. Defaults tofalse. - otp
Policy RealmOtp Policy - password
Policy String - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- realm String
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- refresh
Token IntegerMax Reuse - registration
Allowed Boolean - registration
Email BooleanAs Username - registration
Flow String - Which flow should be used for RegistrationFlow
- remember
Me Boolean - reset
Credentials StringFlow - Which flow should be used for ResetCredentialsFlow
- reset
Password BooleanAllowed - revoke
Refresh BooleanToken - security
Defenses RealmSecurity Defenses - smtp
Server RealmSmtp Server - ssl
Required String - SSL Required: Values can be 'none', 'external' or 'all'.
- sso
Session StringIdle Timeout - sso
Session StringIdle Timeout Remember Me - sso
Session StringMax Lifespan - sso
Session StringMax Lifespan Remember Me - user
Managed BooleanAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - verify
Email Boolean - web
Authn RealmPasswordless Policy Web Authn Passwordless Policy - web
Authn RealmPolicy Web Authn Policy
- access
Code stringLifespan - access
Code stringLifespan Login - access
Code stringLifespan User Action - access
Token stringLifespan - access
Token stringLifespan For Implicit Flow - account
Theme string - action
Token stringGenerated By Admin Lifespan - action
Token stringGenerated By User Lifespan - admin
Theme string - attributes {[key: string]: string}
- A map of custom attributes to add to the realm.
- browser
Flow string - Which flow should be used for BrowserFlow
- client
Authentication stringFlow - Which flow should be used for ClientAuthenticationFlow
- client
Session stringIdle Timeout - client
Session stringMax Lifespan - default
Default string[]Client Scopes - default
Optional string[]Client Scopes - default
Signature stringAlgorithm - direct
Grant stringFlow - Which flow should be used for DirectGrantFlow
- display
Name string - The display name for the realm that is shown when logging in to the admin console.
- display
Name stringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker
Authentication stringFlow - Which flow should be used for DockerAuthenticationFlow
- duplicate
Emails booleanAllowed - edit
Username booleanAllowed - email
Theme string - enabled boolean
- When
false, users and clients will not be able to access this realm. Defaults totrue. - first
Broker stringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- internal
Id string - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
Realm
Internationalization - login
Theme string - login
With booleanEmail Allowed - oauth2Device
Code stringLifespan - oauth2Device
Polling numberInterval - offline
Session stringIdle Timeout - offline
Session stringMax Lifespan - offline
Session booleanMax Lifespan Enabled - organizations
Enabled boolean - When
true, organization support is enabled. Defaults tofalse. - otp
Policy RealmOtp Policy - password
Policy string - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- realm string
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- refresh
Token numberMax Reuse - registration
Allowed boolean - registration
Email booleanAs Username - registration
Flow string - Which flow should be used for RegistrationFlow
- remember
Me boolean - reset
Credentials stringFlow - Which flow should be used for ResetCredentialsFlow
- reset
Password booleanAllowed - revoke
Refresh booleanToken - security
Defenses RealmSecurity Defenses - smtp
Server RealmSmtp Server - ssl
Required string - SSL Required: Values can be 'none', 'external' or 'all'.
- sso
Session stringIdle Timeout - sso
Session stringIdle Timeout Remember Me - sso
Session stringMax Lifespan - sso
Session stringMax Lifespan Remember Me - user
Managed booleanAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - verify
Email boolean - web
Authn RealmPasswordless Policy Web Authn Passwordless Policy - web
Authn RealmPolicy Web Authn Policy
- access_
code_ strlifespan - access_
code_ strlifespan_ login - access_
code_ strlifespan_ user_ action - access_
token_ strlifespan - access_
token_ strlifespan_ for_ implicit_ flow - account_
theme str - action_
token_ strgenerated_ by_ admin_ lifespan - action_
token_ strgenerated_ by_ user_ lifespan - admin_
theme str - attributes Mapping[str, str]
- A map of custom attributes to add to the realm.
- browser_
flow str - Which flow should be used for BrowserFlow
- client_
authentication_ strflow - Which flow should be used for ClientAuthenticationFlow
- client_
session_ stridle_ timeout - client_
session_ strmax_ lifespan - default_
default_ Sequence[str]client_ scopes - default_
optional_ Sequence[str]client_ scopes - default_
signature_ stralgorithm - direct_
grant_ strflow - Which flow should be used for DirectGrantFlow
- display_
name str - The display name for the realm that is shown when logging in to the admin console.
- display_
name_ strhtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker_
authentication_ strflow - Which flow should be used for DockerAuthenticationFlow
- duplicate_
emails_ boolallowed - edit_
username_ boolallowed - email_
theme str - enabled bool
- When
false, users and clients will not be able to access this realm. Defaults totrue. - first_
broker_ strlogin_ flow - Which flow should be used for FirstBrokerLoginFlow
- internal_
id str - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization
Realm
Internationalization Args - login_
theme str - login_
with_ boolemail_ allowed - oauth2_
device_ strcode_ lifespan - oauth2_
device_ intpolling_ interval - offline_
session_ stridle_ timeout - offline_
session_ strmax_ lifespan - offline_
session_ boolmax_ lifespan_ enabled - organizations_
enabled bool - When
true, organization support is enabled. Defaults tofalse. - otp_
policy RealmOtp Policy Args - password_
policy str - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- realm str
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- refresh_
token_ intmax_ reuse - registration_
allowed bool - registration_
email_ boolas_ username - registration_
flow str - Which flow should be used for RegistrationFlow
- remember_
me bool - reset_
credentials_ strflow - Which flow should be used for ResetCredentialsFlow
- reset_
password_ boolallowed - revoke_
refresh_ booltoken - security_
defenses RealmSecurity Defenses Args - smtp_
server RealmSmtp Server Args - ssl_
required str - SSL Required: Values can be 'none', 'external' or 'all'.
- sso_
session_ stridle_ timeout - sso_
session_ stridle_ timeout_ remember_ me - sso_
session_ strmax_ lifespan - sso_
session_ strmax_ lifespan_ remember_ me - user_
managed_ boolaccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - verify_
email bool - web_
authn_ Realmpasswordless_ policy Web Authn Passwordless Policy Args - web_
authn_ Realmpolicy Web Authn Policy Args
- access
Code StringLifespan - access
Code StringLifespan Login - access
Code StringLifespan User Action - access
Token StringLifespan - access
Token StringLifespan For Implicit Flow - account
Theme String - action
Token StringGenerated By Admin Lifespan - action
Token StringGenerated By User Lifespan - admin
Theme String - attributes Map<String>
- A map of custom attributes to add to the realm.
- browser
Flow String - Which flow should be used for BrowserFlow
- client
Authentication StringFlow - Which flow should be used for ClientAuthenticationFlow
- client
Session StringIdle Timeout - client
Session StringMax Lifespan - default
Default List<String>Client Scopes - default
Optional List<String>Client Scopes - default
Signature StringAlgorithm - direct
Grant StringFlow - Which flow should be used for DirectGrantFlow
- display
Name String - The display name for the realm that is shown when logging in to the admin console.
- display
Name StringHtml - The display name for the realm that is rendered as HTML on the screen when logging in to the admin console.
- docker
Authentication StringFlow - Which flow should be used for DockerAuthenticationFlow
- duplicate
Emails BooleanAllowed - edit
Username BooleanAllowed - email
Theme String - enabled Boolean
- When
false, users and clients will not be able to access this realm. Defaults totrue. - first
Broker StringLogin Flow - Which flow should be used for FirstBrokerLoginFlow
- internal
Id String - When specified, this will be used as the realm's internal ID within Keycloak. When not specified, the realm's internal ID will be set to the realm's name.
- internationalization Property Map
- login
Theme String - login
With BooleanEmail Allowed - oauth2Device
Code StringLifespan - oauth2Device
Polling NumberInterval - offline
Session StringIdle Timeout - offline
Session StringMax Lifespan - offline
Session BooleanMax Lifespan Enabled - organizations
Enabled Boolean - When
true, organization support is enabled. Defaults tofalse. - otp
Policy Property Map - password
Policy String - String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"
- realm String
- The name of the realm. This is unique across Keycloak. This will also be used as the realm's internal ID within Keycloak.
- refresh
Token NumberMax Reuse - registration
Allowed Boolean - registration
Email BooleanAs Username - registration
Flow String - Which flow should be used for RegistrationFlow
- remember
Me Boolean - reset
Credentials StringFlow - Which flow should be used for ResetCredentialsFlow
- reset
Password BooleanAllowed - revoke
Refresh BooleanToken - security
Defenses Property Map - smtp
Server Property Map - ssl
Required String - SSL Required: Values can be 'none', 'external' or 'all'.
- sso
Session StringIdle Timeout - sso
Session StringIdle Timeout Remember Me - sso
Session StringMax Lifespan - sso
Session StringMax Lifespan Remember Me - user
Managed BooleanAccess - When
true, users are allowed to manage their own resources. Defaults tofalse. - verify
Email Boolean - web
Authn Property MapPasswordless Policy - web
Authn Property MapPolicy
Supporting Types
RealmInternationalization, RealmInternationalizationArgs
- Default
Locale string - The locale to use by default. This locale code must be present within the
supported_localeslist. - Supported
Locales List<string> - A list of ISO 639-1 locale codes that the realm should support.
- Default
Locale string - The locale to use by default. This locale code must be present within the
supported_localeslist. - Supported
Locales []string - A list of ISO 639-1 locale codes that the realm should support.
- default
Locale String - The locale to use by default. This locale code must be present within the
supported_localeslist. - supported
Locales List<String> - A list of ISO 639-1 locale codes that the realm should support.
- default
Locale string - The locale to use by default. This locale code must be present within the
supported_localeslist. - supported
Locales string[] - A list of ISO 639-1 locale codes that the realm should support.
- default_
locale str - The locale to use by default. This locale code must be present within the
supported_localeslist. - supported_
locales Sequence[str] - A list of ISO 639-1 locale codes that the realm should support.
- default
Locale String - The locale to use by default. This locale code must be present within the
supported_localeslist. - supported
Locales List<String> - A list of ISO 639-1 locale codes that the realm should support.
RealmOtpPolicy, RealmOtpPolicyArgs
- Algorithm string
- What hashing algorithm should be used to generate the OTP, Valid options are
HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1. - Digits int
- How many digits the OTP have. Defaults to
6. - Initial
Counter int - What should the initial counter value be. Defaults to
2. - Look
Ahead intWindow - How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to
1. - Period int
- How many seconds should an OTP token be valid. Defaults to
30. - Type string
- One Time Password Type, supported Values are
totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- Algorithm string
- What hashing algorithm should be used to generate the OTP, Valid options are
HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1. - Digits int
- How many digits the OTP have. Defaults to
6. - Initial
Counter int - What should the initial counter value be. Defaults to
2. - Look
Ahead intWindow - How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to
1. - Period int
- How many seconds should an OTP token be valid. Defaults to
30. - Type string
- One Time Password Type, supported Values are
totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- algorithm String
- What hashing algorithm should be used to generate the OTP, Valid options are
HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1. - digits Integer
- How many digits the OTP have. Defaults to
6. - initial
Counter Integer - What should the initial counter value be. Defaults to
2. - look
Ahead IntegerWindow - How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to
1. - period Integer
- How many seconds should an OTP token be valid. Defaults to
30. - type String
- One Time Password Type, supported Values are
totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- algorithm string
- What hashing algorithm should be used to generate the OTP, Valid options are
HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1. - digits number
- How many digits the OTP have. Defaults to
6. - initial
Counter number - What should the initial counter value be. Defaults to
2. - look
Ahead numberWindow - How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to
1. - period number
- How many seconds should an OTP token be valid. Defaults to
30. - type string
- One Time Password Type, supported Values are
totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- algorithm str
- What hashing algorithm should be used to generate the OTP, Valid options are
HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1. - digits int
- How many digits the OTP have. Defaults to
6. - initial_
counter int - What should the initial counter value be. Defaults to
2. - look_
ahead_ intwindow - How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to
1. - period int
- How many seconds should an OTP token be valid. Defaults to
30. - type str
- One Time Password Type, supported Values are
totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
- algorithm String
- What hashing algorithm should be used to generate the OTP, Valid options are
HmacSHA1,HmacSHA256andHmacSHA512. Defaults toHmacSHA1. - digits Number
- How many digits the OTP have. Defaults to
6. - initial
Counter Number - What should the initial counter value be. Defaults to
2. - look
Ahead NumberWindow - How far ahead should the server look just in case the token generator and server are out of time sync or counter sync. Defaults to
1. - period Number
- How many seconds should an OTP token be valid. Defaults to
30. - type String
- One Time Password Type, supported Values are
totpfor Time-Based One Time Password andhotpfor Counter Based. Defaults tototp.
RealmSecurityDefenses, RealmSecurityDefensesArgs
RealmSecurityDefensesBruteForceDetection, RealmSecurityDefensesBruteForceDetectionArgs
- Failure
Reset intTime Seconds - When will failure count be reset?
- Max
Failure intWait Seconds - Max
Login intFailures - How many failures before wait is triggered.
- Minimum
Quick intLogin Wait Seconds - How long to wait after a quick login failure.
max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
- Permanent
Lockout bool - When
true, this will lock the user permanently when the user exceeds the maximum login failures. - Quick
Login intCheck Milli Seconds - Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- Wait
Increment intSeconds - This represents the amount of time a user should be locked out when the login failure threshold has been met.
- Failure
Reset intTime Seconds - When will failure count be reset?
- Max
Failure intWait Seconds - Max
Login intFailures - How many failures before wait is triggered.
- Minimum
Quick intLogin Wait Seconds - How long to wait after a quick login failure.
max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
- Permanent
Lockout bool - When
true, this will lock the user permanently when the user exceeds the maximum login failures. - Quick
Login intCheck Milli Seconds - Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- Wait
Increment intSeconds - This represents the amount of time a user should be locked out when the login failure threshold has been met.
- failure
Reset IntegerTime Seconds - When will failure count be reset?
- max
Failure IntegerWait Seconds - max
Login IntegerFailures - How many failures before wait is triggered.
- minimum
Quick IntegerLogin Wait Seconds - How long to wait after a quick login failure.
max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
- permanent
Lockout Boolean - When
true, this will lock the user permanently when the user exceeds the maximum login failures. - quick
Login IntegerCheck Milli Seconds - Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- wait
Increment IntegerSeconds - This represents the amount of time a user should be locked out when the login failure threshold has been met.
- failure
Reset numberTime Seconds - When will failure count be reset?
- max
Failure numberWait Seconds - max
Login numberFailures - How many failures before wait is triggered.
- minimum
Quick numberLogin Wait Seconds - How long to wait after a quick login failure.
max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
- permanent
Lockout boolean - When
true, this will lock the user permanently when the user exceeds the maximum login failures. - quick
Login numberCheck Milli Seconds - Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- wait
Increment numberSeconds - This represents the amount of time a user should be locked out when the login failure threshold has been met.
- failure_
reset_ inttime_ seconds - When will failure count be reset?
- max_
failure_ intwait_ seconds - max_
login_ intfailures - How many failures before wait is triggered.
- minimum_
quick_ intlogin_ wait_ seconds - How long to wait after a quick login failure.
max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
- permanent_
lockout bool - When
true, this will lock the user permanently when the user exceeds the maximum login failures. - quick_
login_ intcheck_ milli_ seconds - Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- wait_
increment_ intseconds - This represents the amount of time a user should be locked out when the login failure threshold has been met.
- failure
Reset NumberTime Seconds - When will failure count be reset?
- max
Failure NumberWait Seconds - max
Login NumberFailures - How many failures before wait is triggered.
- minimum
Quick NumberLogin Wait Seconds - How long to wait after a quick login failure.
max_failure_wait_seconds- (Optional) Max. time a user will be locked out.
- permanent
Lockout Boolean - When
true, this will lock the user permanently when the user exceeds the maximum login failures. - quick
Login NumberCheck Milli Seconds - Configures the amount of time, in milliseconds, for consecutive failures to lock a user out.
- wait
Increment NumberSeconds - This represents the amount of time a user should be locked out when the login failure threshold has been met.
RealmSecurityDefensesHeaders, RealmSecurityDefensesHeadersArgs
- Content
Security stringPolicy - Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- Content
Security stringPolicy Report Only - Used for testing Content Security Policies.
- Referrer
Policy string - The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- Strict
Transport stringSecurity - The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- XContent
Type stringOptions - Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- XFrame
Options string - Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- XRobots
Tag string - Prevent pages from appearing in search engines.
- XXss
Protection string - This header configures the Cross-site scripting (XSS) filter in your browser.
- Content
Security stringPolicy - Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- Content
Security stringPolicy Report Only - Used for testing Content Security Policies.
- Referrer
Policy string - The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- Strict
Transport stringSecurity - The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- XContent
Type stringOptions - Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- XFrame
Options string - Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- XRobots
Tag string - Prevent pages from appearing in search engines.
- XXss
Protection string - This header configures the Cross-site scripting (XSS) filter in your browser.
- content
Security StringPolicy - Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- content
Security StringPolicy Report Only - Used for testing Content Security Policies.
- referrer
Policy String - The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- strict
Transport StringSecurity - The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- x
Content StringType Options - Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- x
Frame StringOptions - Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- x
Robots StringTag - Prevent pages from appearing in search engines.
- x
Xss StringProtection - This header configures the Cross-site scripting (XSS) filter in your browser.
- content
Security stringPolicy - Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- content
Security stringPolicy Report Only - Used for testing Content Security Policies.
- referrer
Policy string - The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- strict
Transport stringSecurity - The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- x
Content stringType Options - Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- x
Frame stringOptions - Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- x
Robots stringTag - Prevent pages from appearing in search engines.
- x
Xss stringProtection - This header configures the Cross-site scripting (XSS) filter in your browser.
- content_
security_ strpolicy - Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- content_
security_ strpolicy_ report_ only - Used for testing Content Security Policies.
- referrer_
policy str - The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- strict_
transport_ strsecurity - The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- x_
content_ strtype_ options - Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- x_
frame_ stroptions - Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- x_
robots_ strtag - Prevent pages from appearing in search engines.
- x_
xss_ strprotection - This header configures the Cross-site scripting (XSS) filter in your browser.
- content
Security StringPolicy - Sets the Content Security Policy, which can be used for prevent pages from being included by non-origin iframes. More information can be found in the W3C-CSP Abstract.
- content
Security StringPolicy Report Only - Used for testing Content Security Policies.
- referrer
Policy String - The Referrer-Policy HTTP header controls how much referrer information (sent with the Referer header) should be included with requests.
- strict
Transport StringSecurity - The Script-Transport-Security HTTP header tells browsers to always use HTTPS.
- x
Content StringType Options - Sets the X-Content-Type-Options, which can be used for prevent MIME-sniffing a response away from the declared content-type
- x
Frame StringOptions - Sets the x-frame-option, which can be used to prevent pages from being included by non-origin iframes. More information can be found in the RFC7034
- x
Robots StringTag - Prevent pages from appearing in search engines.
- x
Xss StringProtection - This header configures the Cross-site scripting (XSS) filter in your browser.
RealmSmtpServer, RealmSmtpServerArgs
- From string
- The email address for the sender.
- Host string
- The host of the SMTP server.
- Auth
Realm
Smtp Server Auth - Enables authentication to the SMTP server. This block supports the following arguments:
- Envelope
From string - The email address uses for bounces.
- From
Display stringName - The display name of the sender email address.
- Port string
- The port of the SMTP server (defaults to 25).
- Reply
To string - The "reply to" email address.
- Reply
To stringDisplay Name - The display name of the "reply to" email address.
- Ssl bool
- When
true, enables SSL. Defaults tofalse. - Starttls bool
- When
true, enables StartTLS. Defaults tofalse.
- From string
- The email address for the sender.
- Host string
- The host of the SMTP server.
- Auth
Realm
Smtp Server Auth - Enables authentication to the SMTP server. This block supports the following arguments:
- Envelope
From string - The email address uses for bounces.
- From
Display stringName - The display name of the sender email address.
- Port string
- The port of the SMTP server (defaults to 25).
- Reply
To string - The "reply to" email address.
- Reply
To stringDisplay Name - The display name of the "reply to" email address.
- Ssl bool
- When
true, enables SSL. Defaults tofalse. - Starttls bool
- When
true, enables StartTLS. Defaults tofalse.
- from String
- The email address for the sender.
- host String
- The host of the SMTP server.
- auth
Realm
Smtp Server Auth - Enables authentication to the SMTP server. This block supports the following arguments:
- envelope
From String - The email address uses for bounces.
- from
Display StringName - The display name of the sender email address.
- port String
- The port of the SMTP server (defaults to 25).
- reply
To String - The "reply to" email address.
- reply
To StringDisplay Name - The display name of the "reply to" email address.
- ssl Boolean
- When
true, enables SSL. Defaults tofalse. - starttls Boolean
- When
true, enables StartTLS. Defaults tofalse.
- from string
- The email address for the sender.
- host string
- The host of the SMTP server.
- auth
Realm
Smtp Server Auth - Enables authentication to the SMTP server. This block supports the following arguments:
- envelope
From string - The email address uses for bounces.
- from
Display stringName - The display name of the sender email address.
- port string
- The port of the SMTP server (defaults to 25).
- reply
To string - The "reply to" email address.
- reply
To stringDisplay Name - The display name of the "reply to" email address.
- ssl boolean
- When
true, enables SSL. Defaults tofalse. - starttls boolean
- When
true, enables StartTLS. Defaults tofalse.
- from_ str
- The email address for the sender.
- host str
- The host of the SMTP server.
- auth
Realm
Smtp Server Auth - Enables authentication to the SMTP server. This block supports the following arguments:
- envelope_
from str - The email address uses for bounces.
- from_
display_ strname - The display name of the sender email address.
- port str
- The port of the SMTP server (defaults to 25).
- reply_
to str - The "reply to" email address.
- reply_
to_ strdisplay_ name - The display name of the "reply to" email address.
- ssl bool
- When
true, enables SSL. Defaults tofalse. - starttls bool
- When
true, enables StartTLS. Defaults tofalse.
- from String
- The email address for the sender.
- host String
- The host of the SMTP server.
- auth Property Map
- Enables authentication to the SMTP server. This block supports the following arguments:
- envelope
From String - The email address uses for bounces.
- from
Display StringName - The display name of the sender email address.
- port String
- The port of the SMTP server (defaults to 25).
- reply
To String - The "reply to" email address.
- reply
To StringDisplay Name - The display name of the "reply to" email address.
- ssl Boolean
- When
true, enables SSL. Defaults tofalse. - starttls Boolean
- When
true, enables StartTLS. Defaults tofalse.
RealmSmtpServerAuth, RealmSmtpServerAuthArgs
RealmWebAuthnPasswordlessPolicy, RealmWebAuthnPasswordlessPolicyArgs
- Acceptable
Aaguids List<string> - A set of AAGUIDs for which an authenticator can be registered.
- Attestation
Conveyance stringPreference - Either none, indirect or direct
- Authenticator
Attachment string - Either platform or cross-platform
- Avoid
Same boolAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - Create
Timeout int - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - Extra
Origins List<string> - A set of extra origins for non-web applications.
- Relying
Party stringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - Relying
Party stringId - The WebAuthn relying party ID.
- Require
Resident stringKey - Either Yes or No
- Signature
Algorithms List<string> - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- User
Verification stringRequirement - Either required, preferred or discouraged
- Acceptable
Aaguids []string - A set of AAGUIDs for which an authenticator can be registered.
- Attestation
Conveyance stringPreference - Either none, indirect or direct
- Authenticator
Attachment string - Either platform or cross-platform
- Avoid
Same boolAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - Create
Timeout int - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - Extra
Origins []string - A set of extra origins for non-web applications.
- Relying
Party stringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - Relying
Party stringId - The WebAuthn relying party ID.
- Require
Resident stringKey - Either Yes or No
- Signature
Algorithms []string - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- User
Verification stringRequirement - Either required, preferred or discouraged
- acceptable
Aaguids List<String> - A set of AAGUIDs for which an authenticator can be registered.
- attestation
Conveyance StringPreference - Either none, indirect or direct
- authenticator
Attachment String - Either platform or cross-platform
- avoid
Same BooleanAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - create
Timeout Integer - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - extra
Origins List<String> - A set of extra origins for non-web applications.
- relying
Party StringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - relying
Party StringId - The WebAuthn relying party ID.
- require
Resident StringKey - Either Yes or No
- signature
Algorithms List<String> - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user
Verification StringRequirement - Either required, preferred or discouraged
- acceptable
Aaguids string[] - A set of AAGUIDs for which an authenticator can be registered.
- attestation
Conveyance stringPreference - Either none, indirect or direct
- authenticator
Attachment string - Either platform or cross-platform
- avoid
Same booleanAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - create
Timeout number - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - extra
Origins string[] - A set of extra origins for non-web applications.
- relying
Party stringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - relying
Party stringId - The WebAuthn relying party ID.
- require
Resident stringKey - Either Yes or No
- signature
Algorithms string[] - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user
Verification stringRequirement - Either required, preferred or discouraged
- acceptable_
aaguids Sequence[str] - A set of AAGUIDs for which an authenticator can be registered.
- attestation_
conveyance_ strpreference - Either none, indirect or direct
- authenticator_
attachment str - Either platform or cross-platform
- avoid_
same_ boolauthenticator_ register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - create_
timeout int - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - extra_
origins Sequence[str] - A set of extra origins for non-web applications.
- relying_
party_ strentity_ name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - relying_
party_ strid - The WebAuthn relying party ID.
- require_
resident_ strkey - Either Yes or No
- signature_
algorithms Sequence[str] - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user_
verification_ strrequirement - Either required, preferred or discouraged
- acceptable
Aaguids List<String> - A set of AAGUIDs for which an authenticator can be registered.
- attestation
Conveyance StringPreference - Either none, indirect or direct
- authenticator
Attachment String - Either platform or cross-platform
- avoid
Same BooleanAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - create
Timeout Number - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - extra
Origins List<String> - A set of extra origins for non-web applications.
- relying
Party StringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - relying
Party StringId - The WebAuthn relying party ID.
- require
Resident StringKey - Either Yes or No
- signature
Algorithms List<String> - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user
Verification StringRequirement - Either required, preferred or discouraged
RealmWebAuthnPolicy, RealmWebAuthnPolicyArgs
- Acceptable
Aaguids List<string> - A set of AAGUIDs for which an authenticator can be registered.
- Attestation
Conveyance stringPreference - Either none, indirect or direct
- Authenticator
Attachment string - Either platform or cross-platform
- Avoid
Same boolAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - Create
Timeout int - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - Extra
Origins List<string> - A set of extra origins for non-web applications.
- Relying
Party stringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - Relying
Party stringId - The WebAuthn relying party ID.
- Require
Resident stringKey - Either Yes or No
- Signature
Algorithms List<string> - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- User
Verification stringRequirement - Either required, preferred or discouraged
- Acceptable
Aaguids []string - A set of AAGUIDs for which an authenticator can be registered.
- Attestation
Conveyance stringPreference - Either none, indirect or direct
- Authenticator
Attachment string - Either platform or cross-platform
- Avoid
Same boolAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - Create
Timeout int - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - Extra
Origins []string - A set of extra origins for non-web applications.
- Relying
Party stringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - Relying
Party stringId - The WebAuthn relying party ID.
- Require
Resident stringKey - Either Yes or No
- Signature
Algorithms []string - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- User
Verification stringRequirement - Either required, preferred or discouraged
- acceptable
Aaguids List<String> - A set of AAGUIDs for which an authenticator can be registered.
- attestation
Conveyance StringPreference - Either none, indirect or direct
- authenticator
Attachment String - Either platform or cross-platform
- avoid
Same BooleanAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - create
Timeout Integer - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - extra
Origins List<String> - A set of extra origins for non-web applications.
- relying
Party StringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - relying
Party StringId - The WebAuthn relying party ID.
- require
Resident StringKey - Either Yes or No
- signature
Algorithms List<String> - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user
Verification StringRequirement - Either required, preferred or discouraged
- acceptable
Aaguids string[] - A set of AAGUIDs for which an authenticator can be registered.
- attestation
Conveyance stringPreference - Either none, indirect or direct
- authenticator
Attachment string - Either platform or cross-platform
- avoid
Same booleanAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - create
Timeout number - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - extra
Origins string[] - A set of extra origins for non-web applications.
- relying
Party stringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - relying
Party stringId - The WebAuthn relying party ID.
- require
Resident stringKey - Either Yes or No
- signature
Algorithms string[] - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user
Verification stringRequirement - Either required, preferred or discouraged
- acceptable_
aaguids Sequence[str] - A set of AAGUIDs for which an authenticator can be registered.
- attestation_
conveyance_ strpreference - Either none, indirect or direct
- authenticator_
attachment str - Either platform or cross-platform
- avoid_
same_ boolauthenticator_ register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - create_
timeout int - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - extra_
origins Sequence[str] - A set of extra origins for non-web applications.
- relying_
party_ strentity_ name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - relying_
party_ strid - The WebAuthn relying party ID.
- require_
resident_ strkey - Either Yes or No
- signature_
algorithms Sequence[str] - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user_
verification_ strrequirement - Either required, preferred or discouraged
- acceptable
Aaguids List<String> - A set of AAGUIDs for which an authenticator can be registered.
- attestation
Conveyance StringPreference - Either none, indirect or direct
- authenticator
Attachment String - Either platform or cross-platform
- avoid
Same BooleanAuthenticator Register - When
true, Keycloak will avoid registering the authenticator for WebAuthn if it has already been registered. Defaults tofalse. - create
Timeout Number - The timeout value for creating a user's public key credential in seconds. When set to
0, this timeout option is not adapted. Defaults to0. - extra
Origins List<String> - A set of extra origins for non-web applications.
- relying
Party StringEntity Name - A human-readable server name for the WebAuthn Relying Party. Defaults to
keycloak. - relying
Party StringId - The WebAuthn relying party ID.
- require
Resident StringKey - Either Yes or No
- signature
Algorithms List<String> - Keycloak lists ES256, ES384, ES512, RS256, RS384, RS512, RS1 at the time of writing
- user
Verification StringRequirement - Either required, preferred or discouraged
Import
Realms can be imported using their name.
Example:
bash
$ pulumi import keycloak:index/realm:Realm realm my-realm
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.